In this week’s Whiteboard Wednesday, Justin Buchanan, Solutions Manager for Vulnerability Management and Offensive Security Products at Rapid7, returns for the second installment of our three-part series on anti-phishing, this time covering phishing protection. In the video, we address employee reporting and phishing analysis, the two critical components of implementing phishing protection at your organization.
Hi, and welcome to this week's Whiteboard Wednesday. My name's Justin Buchanan, solutions manager for Offensive Security products here at Rapid7. We're here today to continue our anti-phishing series. And in this part of the series, we're gonna talk about phishing protection.
So why are we talking about phishing at all? And the reason is because, as we've said before, phishing sucks. 92% of the breaches analyzed in the Verizon Data Breach Digest had a threat actor using phishing as a technique. So it's a real problem.
And one piece in the overall program that we need to implement in order to protect ourselves against this problem is phishing protection.
So what is phishing protection? Phishing protection is really two pieces; it's employee reporting, and it's analysis. So let's break it down.
We'll start with employee reporting. You need to enable your employees to be able to identify potential phishing messages and report them to you. How do you do that? You do that with technology that enables the reporting mechanism, and you also do it through training so that they learn how to use your reporting mechanism, and also how to identify these messages. Training your employees to report these messages is super important, because it can stop phishing campaigns that are currently underway by alerting your security team, and also because the 2017 Verizon DBIR said, "Employee notification was the most common discovery method of a breach." So it can let you know what's going on in your overall security environment.
The second component of phishing protection is analysis. And analyzing the phishing messages that are reported to your team can be very time-consuming. There's a lot of different things and telltales that you need to work through to understand if the messages that you're looking at are in fact phishing or not.
Your team needs to go through and analyze each one of these links. They need to check the attachments to determine if they're malicious. They need to check the return path; they need to check all of these different indicators to determine if this message that has been reported is in fact malicious or not. You want your employees to report any messages that they have even a slight hunch might be suspicious. But if you don't have the technology and the processes in place to make this an efficient and scalable process, you're gonna have another real problem there.
So in summary, phishing protection is all about making sure that you enable employee reporting when they identify phishing emails, and fast and scalable phishing analysis to review those messages that are sent to your team.
You can make this process easy on your users and your analysts by signing up for the InsightPhish Beta. The InsightPhish Beta will allow you to deploy buttons that give your employees one simple click to report a message, and it'll also let your analyst use automated Indicators of Phishing (IOPs) to quickly determine if a message is or is not a malicious attempt.
That's it for this Whiteboard Wednesday, we'll catch you later.
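The analysis step described in the video (checking links, attachments and the return path of a reported message) can be partly automated for triage. The following is an added example and is not Rapid7 code or part of InsightPhish: it parses a constructed sample `.eml` with Python's standard `email` library, compares the Return-Path domain against the From domain, flags links whose visible text points to a different host than their `href`, and hashes attachments so an analyst can look them up. The sample message, its domains and the attachment bytes are all constructed for illustration.

```python
import email
import hashlib
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a user-reported message. Domains, addresses and the
# attachment bytes are made up for this example (the zip is just a header stub).
SAMPLE_EML = b"""\
Return-Path: <bounce@mail-relay.example.net>
From: "IT Helpdesk" <helpdesk@corp.example.com>
To: alice@corp.example.com
Subject: Password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. <a href="http://login.example.net/reset">https://sso.corp.example.com</a></p>
</body></html>
--BOUNDARY
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--BOUNDARY--
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address: str) -> str:
    """Return the domain part of an e-mail address, lower-cased ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze_message(raw: bytes) -> dict:
    """Extract triage indicators from a reported message: sender domains,
    links with text/href host mismatches, and attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = domain_of(parseaddr(str(msg.get("From", "")))[1])
    rp_domain = domain_of(parseaddr(str(msg.get("Return-Path", "")))[1])
    indicators = []

    # Indicator 1: the bounce address is delivered from a different domain
    # than the one shown to the user in From.
    if from_domain and rp_domain and from_domain != rp_domain:
        indicators.append(f"return-path domain {rp_domain} differs from From domain {from_domain}")

    # Indicator 2: a link whose visible text is a URL on one host but whose
    # actual target is another host.
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            links.extend(collector.links)
    for href, text in links:
        href_host = urlparse(href).hostname
        text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if href_host and text_host and href_host != text_host:
            indicators.append(f"link text shows {text_host} but points to {href_host}")

    # Attachments: record name and SHA-256 so the analyst can check them
    # against internal or external reputation sources.
    attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        attachments.append({"filename": part.get_filename(), "sha256": hashlib.sha256(payload).hexdigest()})

    return {
        "from_domain": from_domain,
        "return_path_domain": rp_domain,
        "links": links,
        "attachments": attachments,
        "indicators": indicators,
    }


if __name__ == "__main__":
    for key, value in analyze_message(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

None of these checks decides on its own that a message is malicious; a mismatched Return-Path is normal for legitimate bulk mail, for example. The value is in surfacing the indicators consistently so the analyst's time goes to judgement rather than to manually opening headers and hovering over links.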